Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
unauthorized_client: The client does not exist or is not enabled for consumers
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 69%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGO%3C/text%3E%3C/svg%3E)
Giel Oomen
36
Reputation points
Hey all, hopefully someone could help me (/ us) out here.
First of all what we try to accomplish: We have a web app built in NextJS that uses Azure B2C for login. This works fine. We would like to allow users to login through identity providers (Microsoft and Google) where Microsoft IDP also specifically allow external tenants. This last point is a pain.
The flow we use:
- App reg in B2C
- App reg in main Azure AD tenant with fallback to B2C (.../oauth2/authresp and .auth/login/aad/callback both because which one we should have... i dont even know at this point)
- App reg in main AD accepts multitenant + personal
- In B2C app reg setup Microsoft ISP with client id and secret
Then test the B2C App:
- When logged in on your edge browser and want to use a work account; forget about it, you have no option to switch here
- When using another browser like chrome or incognito and use work "That Microsoft account doesn't exist. Enter a different account or get a new one." While it most certainly exists because I use it for work every single day
It's so ironic that setting up Google IDP (and any other auth provider) in Microsoft is easier than setting up Microsoft IDP in Microsoft. We have had so much issues with Microsoft auth (mostly separate from B2C but this tops it all)
There are plenty of people online with the same error but all fixes are about allowing personal accounts which is NOT what we are trying to accomplish. Rather have no option for personal but only allow multitenancy but then we get the error from the title.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes
-
Raja Pothuraju 45,955 Reputation points Microsoft External Staff Moderator2024-11-04T20:25:52.6066667+00:00 Hello @Giel Oomen,
Thank you for posting your query on Microsoft Q&A.
Based on your description, I understand that you are unable to log in to your Azure AD B2C application using credentials from another Entra tenant, while other IDPs are working fine.
The error message, "unauthorized_client: The client does not exist or is not enabled for consumers," suggests that your B2C application is not configured to authenticate external tenant users. To verify this, please go to your application in Azure AD B2C, navigate to Authentication > Supported account types, and ensure you have selected Accounts in any identity provider or organizational directory (for authenticating users with user flows).
Please check this setting, and if everything looks correct, let me know.
Thanks,
Raja Pothuraju. -
Raja Pothuraju 45,955 Reputation points Microsoft External Staff Moderator
2024-11-07T20:46:54.3833333+00:00 Hello @Giel Oomen,
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.
-
Raja Pothuraju 45,955 Reputation points Microsoft External Staff Moderator
2024-11-12T13:46:40.8666667+00:00 Hello @Giel Oomen,Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.
Sign in to comment
Sign in to answer